Critical iOS "Quicksand" Vulnerability Lets Malicious Mobile Apps to Grab Enterprise Credentials

Thursday, August 20, 2015

InfosecIsland News

Ffc4103a877b409fd8d6da8f854f617e

Mobile security firm Appthority says it has identified a critical security flaw in the iOS mobile operating system that affects all iPhone, iPod touch, iPad devices running iOS 7 and later.

Dubbed "Quicksand" by the the security firm, the sandbox security vulnerability enables a malicious mobile app, or a bad actor who gains access to a physical device, to read other installed mobile apps' managed preferences, giving cybercriminals the ability to harvest credentials and exfiltrate other sensitive corporate data. 

Apple has fixed the vulnerability in the most recent iOS 8.4.1 security update, and user should ensure both corporate and employee owned devices are running the most current iOS version.

  Read More at SecurityWeek

Possibly Related Articles:
18806
iOS MDM mobile CVE-2015-5749
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.